Setting Up NTP on a Server: A Step-by-Step Guide

NTP (Network Time Protocol) is used to synchronize system time with a reference time provided by special servers. This article will cover how to configure NTP on various operating systems and devices, starting with a comprehensive guide on setting up an NTP Server on Linux.

Configuring an NTP Server on Linux

We'll demonstrate synchronization setup using Ubuntu, but this guide also applies to Debian and most Linux-based systems. We’ve divided the instructions into three parts: the first covers installing the NTP server, the second explains synchronizing NTP clients, and the third covers advanced synchronization settings.

To follow this guide, you will need:

• A cloud server with Ubuntu installed
• A root user or a user with sudo privileges
• nano or any other editor installed

Installing the NTP Server

These steps will guide you through installing and preparing the NTP server for further configuration.

1. Update the repository index to ensure you can download the latest software versions. Use the following command:

sudo apt-get update

2. Install the NTP server:

sudo apt-get install ntp

Confirm the installation by choosing Y if prompted (Y/N). Wait until the software is downloaded and installed.

3. Verify the installation:

sntp --version

The output should display the version number and the installation time.

4. Switch to the nearest server pool.

The server should receive accurate time by default, but it’s better to connect to a server pool closest to your location for extra reliability. To do this, edit the ntp.conf file located at /etc/ntp.conf. Open it with nano (you need sudo privileges) by entering:

sudo nano /etc/ntp.conf

You’ll see four lines, which we’ve highlighted in orange for reference:

These are the default pools, which we’ll replace with local ones (for example, for the USA, we can use NTP servers from this page). After replacing the lines, save and close ntp.conf by pressing Ctrl+O and Ctrl+X.

5. Restart the server:

sudo service ntp restart

6. Check the server status:

sudo service ntp status

The output should indicate Active (running) on one of the first lines (Active) and the server start time.

7. Configure the firewall.

To allow client access to the server, open UDP port 123 using UFW with the following command:

sudo ufw allow from any to any port 123 proto udp

The installation is complete, and the server is running; now, you can proceed with further configuration.

Configuring NTP Client Synchronization

The following steps will allow client systems to synchronize with our NTP server, which will serve as their primary time source.

1. Check the Connection

To verify the network configuration for NTP, enter the following command in the terminal:

sudo apt-get install ntpdate

2. Specify IP Address and Hostname

To configure the server’s IP and hostname, edit the hosts file located at /etc/hosts:

sudo nano /etc/hosts

Add the relevant data in the third line from the top (the address below is just an example; replace it with the actual IP of your NTP server):

192.168.154.142 ntp-server

Press Ctrl+X to exit and save changes by pressing Y. Alternatively, if you have a DNS server, you can perform this step there.

3. Verify Client Synchronization with the Server

To check if synchronization is active between the server and client, enter:

sudo ntpdate ntp-server

The output will show the time offset. A few milliseconds difference is normal, so you can ignore small values.

4. Disable the timesyncd Service

This service synchronizes the local system time, but we don't need it since our clients will sync with the NTP server. Disable it with:

sudo timedatectl set-ntp off

5. Install NTP on the Client System

Install NTP on the client with this command:

sudo apt-get install ntp

6. Set Your NTP Server as the Primary Reference

To ensure clients sync specifically with your server, open the ntp.conf file and add the following line:

server NTP-server-host prefer iburst

The prefer directive marks the server as preferred, and iburst allows multiple requests to the server for higher synchronization accuracy. Save the changes by pressing Ctrl+X and confirming with Y.

7. Restart the Server

Restart the NTP server with this straightforward command:

sudo service ntp restart

8. Check the Synchronization Queue

Finally, check the synchronization status by entering:

ntpq -ps

This command displays the list of servers in the synchronization queue, including your NTP server as the designated source.

Advanced Synchronization Options

Now that we’ve set up the NTP server and synchronized client machines, we’ll revisit the ntp.conf file (located at /etc/ntp.conf), which contains additional configurations to ensure robust synchronization with external sources.

Preferred Server

Mark the most reliable server or server pool with the prefer directive we’ve used before. For example:

server 1.north-america.pool.ntp.org prefer

The server directive indicates a specific server, while pool can be used to specify a pool of servers. Don’t forget the line server 127.127.1.0 at the end of the pool list, which defaults to the system time if the connection is lost.

Security Settings

Make sure the following lines are included in ntp.conf:

restrict default kod notrap nomodify nopeer noquery

The default command applies these settings as defaults for all restrict commands:

• kod (Kiss-o’-Death) limits the rate of requests.

• notrap blocks the acceptance of control commands.

• nomodify restricts commands that might alter the server state.

• nopeer prohibits synchronization with external hosts.

• noquery blocks query requests.

For IPv4, use -4 before default, and for IPv6, use -6.

Here’s an example of using some of these commands. The following line allows synchronization of nodes in a specific network while restricting nodes from receiving control or state-altering commands:

restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap

The following lines are required for the server to communicate with itself:

restrict 127.0.0.1
restrict ::1

Finally, remember to restart the server after making these changes.

Verifying NTP Operation

To check if NTP is functioning correctly, use the command ntpq -p. Example output:

In the first column, you’ll see the synchronization server’s address, followed by its parent server, stratum level (st column), and nup (t column). The next three columns show details on the last synchronization time, sync interval, and reliability status . The final two columns display the time difference between the synchronized server and the reference server, as well as the offset.

Pay attention to the symbols in the first column, which appear before the IP address:

• A + symbol indicates a reliable server for synchronization and a - means the opposite.
• An * indicates the current server chosen for synchronization.
• Occasionally, an x will appear, which means the server is unavailable.

Checking if the Server Provides Accurate Time

To ensure the server is distributing the correct time, run the ntpdate command from another system, specifying the IP address of the NTP server you want to verify. The output should look something like this:

adjust time server (IP address here) offset 0.012319 sec

The number represents the time offset. Here, an offset of about 0.01 seconds (12 milliseconds) is perfectly acceptable.

Now that we’ve completed the Linux setup, let’s look at configuring the NTP protocol on Windows.

Configuring an NTP Server on Windows Server

To install and configure an NTP server on Windows Server, you'll need to make some changes in the registry and run commands in the command prompt. 

Before proceeding with the configuration, you must start the service. This is done by modifying the following registry entry:

HKLM\System\CurrentControlSet\services\W32Time\TimeProviders\NtpServer

In this section, find the Enabled entry on the right and set it to 1 so that the Data column displays:

0x00000001 (1)

Next, open cmd and enter the command needed to restart the protocol:

net stop w32time && net start w32time

Make sure to run this command from C:\Users\Administrator. To verify that NTP is enabled, use the following command:

w32tm /query /configuration

You’ll get a long entry, and you should check the block NtpServer <Local>. In the Enabled line, the value should be 1. Now, open UDP port 123 in the firewall for proper client servicing, and then proceed with the configuration.

Return to the registry and look for the entry:

HKLM\System\CurrentControlSet\services\W32Time\Parameters

This section contains many parameters, but the main one is Type, which can take one of four values:

• NoSync — No synchronization.
• NTP — Synchronization with external servers specified in the NtpServer registry entry (this is the default for standalone machines).
• NT5DS — Synchronization according to the domain hierarchy (default for machines in a domain).
• AllSync — Synchronization with all available servers.

Now, go back to the registry and configure the values under the NtpServer section. Most likely, only the Microsoft server is listed. You can add others, paying attention to the flag at the end:

• 0x1, SpecialInterval — Standard mode recommended by Microsoft.
• 0x2, UseAsFallbackOnly — Use this server as a fallback.
• 0x4, SymmetricActive — This is the main mode for NTP servers.
• 0x8, Client — Used when synchronization issues occur.

The last thing you need to do is set the synchronization interval in the section:

W32Time\TimeProviders\NtpClient

The parameter is SpecialPollInterval, where you should set the desired value (in seconds). By default, it’s set to one week. If you want more frequent synchronization, set:

• 86400 for 1 day.
• 21600 for a quarter of a day (6 hours).
• 3600 for 1 hour.

The last value is optimal in terms of system load and acceptable precision when frequent synchronization is required.

Configuring an NTP Server on Cisco Devices

On Cisco devices, the process is simple and quick:

1. Enter configuration mode with the command:

conf t

2. Set the time zone using the command:

clock timezone <timezone> <offset>

For example:

clock timezone CST -6

3. Next, enter the command to set the NTP source:

ntp source

4. Specify the source.

5. If you want to make the server the primary one for other machines in the network, use the following command:

ntp master 2

The number should be 2 or greater.

6. Use the command ntp update-calendar to update the time.

7. Enter the names or IP addresses of the NTP servers.

8. Enter the time zone with the command:

clock timezone

9. And set the source using:

ntp source

To check the configuration or troubleshoot, use the show command. It will be useful for checking the time (show clock), NTP status (show ntp status), and associations (show ntp associations).

Configuring an NTP Server on MikroTik Routers

We will configure the NTP server using SNTP:

1. In Winbox, go to System – SNTP Client.

2. Find the SNTP Client section and enable it by checking the Enabled box.

3. In the Server DNS Names field below, enter the IP addresses of the NTP servers.

4. To check if everything is working, go to System – Clock. Set the time zone by choosing it from the dropdown list or check the Time Zone Autodetect box, and the time zone will be set automatically.

5. The synchronization interval can be seen in the Poll Interval field in the SNTP Client menu. Below, you will find the last synchronization time in the Last Update field.

That’s it! Now you’ve learned how to configure NTP on different operating systems and devices.